From: Jaegeuk Kim <jaegeuk@kernel.org>
To: Joe Perches <joe@perches.com>
Cc: linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [f2fs-dev] [PATCH v5] f2fs: fix potential .flags overflow on 32bit architecture
Date: Mon, 23 Mar 2020 08:10:27 -0700
Message-ID: <20200323151027.GA123526@google.com>
In-Reply-To: <afa74570dacebb3b93d4b9c27d6c8a87186cef2d.camel@perches.com>
On 03/23, Joe Perches wrote:
> On Mon, 2020-03-23 at 11:18 +0800, Chao Yu wrote:
> > f2fs_inode_info.flags is an unsigned long variable; it has 32 bits
> > on 32-bit architectures. Since we introduced the FI_MMAP_FILE flag
> > when we supported data compression, we may access memory across
> > the border of the .flags field, corrupting the .i_sem field and
> > resulting in the deadlock below.
> []
> > diff --git a/fs/f2fs/inode.c b/fs/f2fs/inode.c
> []
> > @@ -362,7 +362,7 @@ static int do_read_inode(struct inode *inode)
> > fi->i_flags = le32_to_cpu(ri->i_flags);
> > if (S_ISREG(inode->i_mode))
> > fi->i_flags &= ~F2FS_PROJINHERIT_FL;
> > - fi->flags = 0;
> > + bitmap_zero(fi->flags, BITS_TO_LONGS(FI_MAX));
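Review bot: the second argument on the added bitmap_zero() line is wrong, because bitmap_zero() takes a number of bits, not a number of longs. With BITS_TO_LONGS(FI_MAX) the call is told the bitmap is only a couple of bits long, rounds that up to a single unsigned long, and clears just the first word of fi->flags. On a 32-bit build, which is the case this patch exists to fix, every flag at bit 32 and above is left uncleared when the inode is read. Pass the bit count instead: bitmap_zero(fi->flags, FI_MAX);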
>
> Sorry, I misled you here, this should be
>
> bitmap_zero(fi->flags, FI_MAX);
Thanks, I applied this directly in the f2fs tree.